<html>
<head><meta charset="utf-8"><title>transmuting `Box&lt;T, A&gt;` to `Box&lt;M{U,D}&lt;T&gt;, A&gt;` · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html">transmuting `Box&lt;T, A&gt;` to `Box&lt;M{U,D}&lt;T&gt;, A&gt;`</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="240330357"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240330357" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Daniel Henry-Mantilla <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240330357">(May 26 2021 at 14:10)</a>:</h4>
<p>Since <code>Box&lt;T, A&gt;</code> is not <code>#[repr(C)]</code>, transmuting between <code>Box&lt;T, A&gt;</code> and <code>Box&lt;U, A&gt;</code> where <code>U</code> has the same <code>Layout</code> as <code>T</code> (<em>e.g.</em>, <code>U = MU&lt;T&gt;</code> or <code>U = MD&lt;T&gt;</code>) is not well-defined (unless <code>A</code> is a ZST)</p>
<p>However, there seem to be instances where having this guarantee could be very useful, or even "needed".  For instance, in <a href="https://github.com/rust-lang/rust/pull/85577/files/a29b1959d80f8eb95a274c95f28f50c49ce2cd75#r639629318">https://github.com/rust-lang/rust/pull/85577/files/a29b1959d80f8eb95a274c95f28f50c49ce2cd75#r639629318</a>, we end up in a tricky situation: we'd like to do <code>**boxed = value;</code>, except that <code>boxed</code>'s pointee is not <code>Sized</code> (but we know it has the same layout as <code>value</code>'s, and that <code>value</code> can coerce to the <code>?Sized</code> type of the pointee).</p>
<p>So, to "implement" this operation, given a <code>boxed: &amp;mut Box&lt;T, A&gt;</code>, a <code>drop_in_place</code> of  <code>**boxed</code> is performed, and <code>finally</code> (through a drop-guard), the (now potentially dropped) pointee is overwritten with <code>value</code> (and the pointer itself is also overwritten with one having correct metadata).</p>
<p>The issue lies in that drop-guard: it needs to capture a <code>&amp;mut Box&lt;T, A&gt;</code>, except that since <code>T</code> may have been dropped, I suggested that <code>&amp;mut Box&lt;MD&lt;T&gt;, A&gt;</code> be used instead. But, indeed, such cast can only be done if we know these two have the same layout, which is not guaranteed for a non-ZST <code>A</code>llocator.</p>



<a name="240331789"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240331789" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Lokathor <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240331789">(May 26 2021 at 14:20)</a>:</h4>
<p>MU = MaybeUninit<br>
MD = Manually Drop<br>
(took me a minute to figure that part out)</p>



<a name="240331932"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240331932" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Daniel Henry-Mantilla <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240331932">(May 26 2021 at 14:21)</a>:</h4>
<p>Sorry <span aria-label="sweat smile" class="emoji emoji-1f605" role="img" title="sweat smile">:sweat_smile:</span></p>



<a name="240332180"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240332180" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Connor Horman <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240332180">(May 26 2021 at 14:22)</a>:</h4>
<p>For <code>A=Global</code> specifically, wouldn't the transmute be guaranteed? Layout-compatibility is an equivalence relation, and Box&lt;T,Global&gt; is layout-compatible with <code>*mut T</code>.</p>



<a name="240332250"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240332250" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Connor Horman <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240332250">(May 26 2021 at 14:23)</a>:</h4>
<p>Though that wouldn't help the general case from <code>allocator_api</code>.</p>



<a name="240333194"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240333194" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Daniel Henry-Mantilla <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240333194">(May 26 2021 at 14:29)</a>:</h4>
<p>Yes, for <code>A = Global</code> (and maybe more generally for when <code>A</code> is a <code>Zst</code>), the transmute is well-defined. But the PR in question was indeed using the <code>allocator_api</code></p>



<a name="240698297"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting%20%60Box%3CT%2C%20A%3E%60%20to%20%60Box%3CM%7BU%2CD%7D%3CT%3E%2C%20A%3E%60/near/240698297" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/transmuting.20.60Box.3CT.2C.20A.3E.60.20to.20.60Box.3CM.7BU.2CD.7D.3CT.3E.2C.20A.3E.60.html#240698297">(May 29 2021 at 11:51)</a>:</h4>
<p>Yeah that sounds like a reasonable guarantee to make (and I think it will currently be true in practice)</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>